is there a sure way to stop hotlinking?

[Rhett Allen]

I just thought of a cute trick. Change the image to one of the same name that says "the image previously used here is stolen copy protected artwork" (or something similar) it would send a powerful message to the website owner and embarrass them at the same time possibly making them think twice next time.

I hope you do it (it would be funny), I'll keep checking in hopes.

[James Emory]

Now Rhett, that's not fair. I already said put unauthorized image in place to expose them. I agree that it would be very funny. What could they say? :)

Rafal. When you said you guess you'll have to keep changing the name is this guy actually continuing to update the image everytime you change the filename? If so, that is some aggressive pirating and it's probably time to give him a call or send him a note. I caught a company using my footage for demos on their site and called them about it and they took it down immediately.

[Brian Kennedy]

Is an ".htaccess" file something you could use? I am not sure if it works on Windows servers.

[Boyd Ostroff]

<<<-- Originally posted by Robert Knecht Schmidt : Which Wendy's image, Boyd? -->>>

Oh, OK... didn't read your post carefully. I see the icon for a missing image there so it is working.

[Robert Knecht Schmidt]

"I just thought of a cute trick. Change the image to one of the same name that says 'the image previously used here is stolen copy protected artwork' (or something similar) it would send a powerful message to the website owner and embarrass them at the same time possibly making them think twice next time."

I think you can send just as powerful an antitheft message--but a positive one rather than an accusatory one--with a simple redirect placeholder. The hotlinker loses because he doesn't get his image and doesn't steal your bandwidth, and you win because you get more real traffic to your site without having to sound like a jerk.

Once you install an auto-placeholder, you instantly come to love hotlinkers. It's like they're advertising your site for free without knowing it. Why should you spoil your free ad space by cluttering it up with a negative message like an accusation? Can you imagine Nike buying a billboard ad and then painting it with, "You suck, buy Nike shoes"?

[Rob Lohman]

If you can do scripting (in either PHP or ASP) serve the images up
through that and check the referrer, if it isn't your site then load
up another image...

[Rhett Allen]

Sorry Robert, I figured since you already tried the "nice" approach (sending letters) it was time to be "not nice". To steal someone's work is one thing, to steal it and use their bandwidth to do it is another, to steal both and ignore requests or contact from the artist is just plain rude. I don't like that. They could have at least asked or given proper credit up front.

[Rafal Krolik]

Well, few problems.
1 .htaccess doesn't work on window servers ( I researched and also spoke to my ISP about it )
2 Scripting it with ASP would be no problem, because I am a programmer working with ASP, but the offending party is pointing directly to the .wmv file.
3. e-mail have been sent to the person as well as to their host on numerous occasions, but no response.
4. I even obfuscated the HTML and added the script from displaying the links in the status bar, bu the problem is that once the video plays, whether embedded or directly in a player, you can right click on it, look at the properties which will show you the file name.

BTW, the obfuscator is pretty cool, view the source for this page and you'll see what I mean http://www.sevillemedia.com/cincere

You can take the software for a trial run at http://www.antssoft.com/htmlprotector/index.htm?ref=google&group=1

Thanks guys

[Christopher Lefchik]

Robert,

I tested the site that is hot linking your Wendy's image on three different computers, in at least two browsers on each computer. The browsers' caches were emptied before accessing the site. It turns out I wasn't dreaming. Only on one computer did your placeholder GIF show up. It appears that software firewalls like Zone Alarm Pro and Norton Personal Firewall are somehow interfering with the placeholder, because once they were disabled the placeholder worked fine. It probably has something to do with the firewalls' privacy/ad blocking features.

The one computer that your placeholder worked on (without disabling the firewalls) had the free ZoneAlarm firewall, which doesn't have the privacy/ad blocking features of the other two.

[Mark Sloan]

Some browsers also have the ability to set as a security level that images can only be viewed from the same domain you are visiting. This was to help prevent a loophole in image tags that allowed ad companies to track who you are. As a side effect, it prevents hot linking.

[James Emory]

Yep. This site uses that technology. Just try hotlinking to one of their images and see what happens.

www.crewpix.com

Go ahead, try this one!
http://www.crewpix.com/albums/MusicV..._001.sized.jpg

[Rob Lohman]

Rafal: the idea is to put the file outside of your web directory:

consider the following site structure:

<sitename>movies\
<sitename>www\

You point IIS or Apache to <sitename>www\ directory.

In there you have an ASP script called getmovie.asp for example.
You pass a parameter (on the querystring or even better yet
with a post form so no vars are visible and if people directly link
to it you can redirect them to your homepage due to a missing
parameter) which contains the filename for the movie or an ID
etc.

Then check the referrer through the use of
Request.ServerVariables to make sure the request came from your
site (make sure to only check for the domain and/or IP).

If this is done you can serv up the file.

set obj = Server.CreateObject("ADODB.Stream")
obj.Open
obj.Type = 1 'adTypeBinary
obj.LoadFromFile "d:\<sitename>\movies\" & passedparam

Response.BinaryWrite obj.Read

obj.Close
set obj = nothing


make sure you CHECK THE PASSED PARAM so they can't hack your
webserver by trying to get to other files. The movies directory will
need READ (only those!) rights for the account used to run the
web server under.

You will also need to send headers back (BEFORE the code block
above!!) depending on what you want:

Response.AddHeader "Content-Disposition", "inline; filename=" & strdbFile
Response.ContentType = "application/octet-stream"

This garantuees the browser will download the file instead of play
it. If you want to play it do something like this:

Response.ContentType = "video/x-ms-wmv"

for a .wmv file for example. You can find the mime types for all
files under the registry key HKEY_CLASSES_ROOT.

You can even write a little function to automatically get the correct
mime type by using the file's extension and then looking the
information up in the registry.

[Rafal Krolik]

James, crewpix is running on Apache which makes doing what I need easy, I am on the IIS and the same option does not exist....yet.

Rob, thanks for the poiner, I will take a look at it tonight and see what comes out of it.